Lucene search
50 matches found

EUVD
added 2026/02/24 5:52 a.m. | 6 views

EUVD-2025-207549

A vulnerability was determined in MuYuCMS 2.7. Affected is the function deletedirfile of the file application/admin/controller/Template.php of the component Template Management Page. This manipulation of the argument temn/tp causes path traversal. It is possible to initiate the attack remotely. T...

5.1 CVSS | 5.2 AI score | 0.00676 EPSS
Exploits: 1 | References: 5

Snyk
added 2026/01/30 8:53 p.m. | 1 views

Uncontrolled Search Path Element

Overview Affected versions of this package are vulnerable to Uncontrolled Search Path Element via the automatic loading and execution of .psysh.php from the current working directory during startup. An attacker can execute arbitrary code with the privileges of the victim process by placing a...

7.3 CVSS | 6.2 AI score | 0.0028 EPSS
Exploits: 1 | References: 2

UbuntuCve
added 2026/01/13 4:15 p.m. | 4 views

CVE-2025-68767

In the Linux kernel, the following vulnerability has been resolved: hfsplus: Verify inode mode when loading from disk syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when the S_IFMT bits of the 16bits "mode" field loaded from disk are corrupted. According to [1], the permissions...

5.7 AI score | 0.00173 EPSS
Exploits: 0 | References: 36

VulnCheck KEV
added 2025/12/15 12:0 a.m. | 14 views

VulnCheck KEV: CVE-2025-55523

An issue in the component /api/download_work_dir_file.py of Agent-Zero v0.8. allows attackers to execute a directory traversal...

3.5 CVSS | 5.9 AI score | 0.00979 EPSS
In wild | Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 30 views

EUVD-2021-0669

Malware in sbrugna...

5.5 CVSS | 6.2 AI score | 0.00282 EPSS
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-28592

Malicious code in bioql PyPI...

5.1 CVSS | 4.5 AI score | 0.00979 EPSS
Exploits: 2 | References: 3

Cvelist
added 2025/09/29 12:0 a.m. | 6 views

CVE-2025-61659

bash-git-prompt 2.6.1 through 2.7.1 insecurely uses the /tmp/git-index-private$$ file, which has a predictable name...

6.8 CVSS | 0.00129 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/08/23 12:23 a.m. | 8 views

CVE-2025-55523

An issue in the component /api/download_work_dir_file.py of Agent-Zero v0.8. allows attackers to execute a directory traversal...

3.5 CVSS | 7.4 AI score | 0.00979 EPSS
Exploits: 1 | References: 1

NVD
added 2025/08/21 6:15 p.m. | 7 views

CVE-2025-55523

An issue in the component /api/download_work_dir_file.py of Agent-Zero v0.8. allows attackers to execute a directory traversal...

3.5 CVSS | 0.00979 EPSS
Exploits: 1 | References: 3

Positive Technologies
added 2025/08/21 12:0 a.m. | 4 views

PT-2025-34265

Name of the Vulnerable Software and Affected Versions: Agent-Zero versions 0.8.0 through 0.8.9. Description: An issue exists in the /api/download_work_dir_file.py component that allows attackers to execute a directory traversal. Recommendations: At the moment, there is no information about a newer...

5.1 CVSS | 4.7 AI score | 0.00979 EPSS
Exploits: 2 | References: 8

CVE
added 2025/08/21 12:0 a.m. | 27 views

CVE-2025-55523

Agent-Zero CVE-2025-55523 affects v0.8.0–0.9.4 and is caused by improper validation in /api/download_work_dir_file.py that enables a path traversal, allowing arbitrary file download via a crafted request. Impacts include access to unauthorized files. Remediation: update to the latest Agent-Zero v...

3.5 CVSS | 7.3 AI score | 0.00979 EPSS
In wild | Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2025/08/07 9:15 p.m. | 4 views

CVE-2025-54787 SuiteCRM: Improper Authorization for attachment downloads

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. There is a vulnerability in SuiteCRM version 7.14.6 which allows unauthenticated downloads of any file from the upload-directory, as long as it is named by an ID (e.g. attachments). An...

3.7 CVSS | 6.8 AI score | 0.00218 EPSS
Exploits: 0 | References: 4

CNNVD
added 2025/06/20 12:0 a.m. | 1 views

PHPGurukul Directory Management System Injection Vulnerability

Directory Management System is a directory management system. Directory Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter del in the file /admin/manage-directory.php. An attacker can explo...

8.8 CVSS | 8.2 AI score | 0.00318 EPSS
Exploits: 1 | References: 6

CVE
added 2024/10/03 3:24 p.m. | 84 views

CVE-2024-36474

Summary: CVE-2024-36474 affects the GNOME libgsf library (G Structured File Library), specifically the Compound Document Binary File format parser in version 1.14.52. A crafted file can trigger an integer overflow while processing the directory, allowing an out-of-bounds access and potentially ar...

8.4 CVSS | 8.6 AI score | 0.00402 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2024/06/16 1:15 p.m. | 0 views

UBUNTU-CVE-2024-38441

Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions...

9.8 CVSS | 7.5 AI score | 0.0092 EPSS
Exploits: 1 | References: 4

BDU FSTEC
added 2023/08/31 12:0 a.m. | 1 views

The vulnerability of the umask() function in the archive_write_disk.posix.c component of the Libarchive library, which allows an attacker to delete and rename files within directories.

The vulnerability of the umask function in the archive_write_disk.posix.c component of the Libarchive library arises due to synchronization errors when using a shared resource. Exploiting this vulnerability could allow an attacker to delete and rename files within these directories...

5.3 CVSS | 5.8 AI score | 0.00192 EPSS
Exploits: 0 | References: 5 | Affected Software: 2

SUSE CVE
added 2023/07/01 1:27 a.m. | 1 views

SUSE CVE-2023-2908

A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial o...

5.5 CVSS | 6.6 AI score | 0.00509 EPSS
Exploits: 1 | References: 6

OpenVAS
added 2022/07/31 12:0 a.m. | 7 views

Fedora: Security Advisory for gobuster (FEDORA-2022-5ef0bd9a27)

The remote host is missing an update for the...

7.5 AI score
Exploits: 0 | References: 2

Fedora
added 2022/07/17 1:15 a.m. | 35 views

[SECURITY] Fedora 35 Update: gobuster-3.1.0-3.fc35

Directory/File, DNS and VHost busting tool written in Go...

9.3 CVSS | 1.4 AI score | 0.05994 EPSS
Exploits: 4

Fedora
added 2022/07/04 1:35 a.m. | 24 views

[SECURITY] Fedora 36 Update: gobuster-3.1.0-3.fc36

Directory/File, DNS and VHost busting tool written in Go...

9.3 CVSS | 8.2 AI score | 0.05994 EPSS
Exploits: 4